@ihciah
Created August 9, 2017 06:03
Tinc Remote Start Script
#!/usr/bin/python
# __author__="ihciah"
# Call this script in ddns script
import hmac, base64, struct, hashlib, time, requests, sys
# Base32 TOTP secret; it has to equal KEY in the server script.
# NOTE(review): this value looks like a placeholder. 16 base32 characters
# decode to 10 bytes (80 bits), and the secret sits in the source file, so a
# deployment should substitute a longer random secret and restrict who can
# read this script.
CONNECT_KEY = "ABCDABCDABCDABCD"

# HTTPS endpoints exposed by the server script, one per action.
START_ADDRESS = "https://inner-proxy-server.ihc.im:23333/start-tinc"
STOP_ADDRESS = "https://inner-proxy-server.ihc.im:23333/stop-tinc"

# Upper-cased command-line action -> URL to request.
CONNECT_ADDRESS = dict(START=START_ADDRESS, STOP=STOP_ADDRESS)
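class OTP:
    """Six-digit HOTP/TOTP generator (HMAC-SHA1, 30-second time step).

    ``secret`` is the shared key as a base32 string; decoding is
    case-insensitive.
    """

    def __init__(self, secret):
        self.secret = secret

    def get_hotp_token(self, intervals_no):
        """Return the six-digit code for counter value *intervals_no*."""
        key = base64.b32decode(self.secret, True)
        counter = struct.pack(">Q", intervals_no)
        # bytearray indexing yields ints on both Python 2 and Python 3, which
        # avoids ord() on a byte string element.
        digest = bytearray(hmac.new(key, counter, hashlib.sha1).digest())
        # Dynamic truncation: the low nibble of the last digest byte selects
        # the 4-byte window, whose top bit is then masked off.
        offset = digest[19] & 15
        window = bytes(digest[offset:offset + 4])
        code = struct.unpack(">I", window)[0] & 0x7fffffff
        return str(code % 1000000).zfill(6)

    def get_totp_token(self, t=None):
        """Return the code for Unix time *t* (defaults to the current time).

        The default is resolved at call time. A ``t=time.time()`` default
        would be evaluated once, when the class is defined, and every later
        call without an argument would reuse that stale timestamp.
        """
        if t is None:
            t = time.time()
        return self.get_hotp_token(int(t) // 30)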
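def main():
    """Send an authenticated start/stop request to the tinc control server.

    Expects exactly one argument, ``start`` or ``stop`` (case-insensitive).
    The current TOTP code is sent in the ``Auth`` request header and the
    response body is printed.
    """
    action = sys.argv[1].upper() if len(sys.argv) == 2 else None
    if action not in ["START", "STOP"]:
        print("Usage: %s (start|stop)" % sys.argv[0])
        return
    # Pass the time explicitly so the code is derived from the moment of the
    # request rather than from whatever default the OTP class carries.
    token = OTP(CONNECT_KEY).get_totp_token(time.time())
    # requests verifies the server certificate by default; keep it that way,
    # because the one-time code is only protected by the TLS channel.
    # The timeout stops the calling ddns hook from blocking forever when the
    # server is unreachable.
    req = requests.get(
        CONNECT_ADDRESS[action],
        headers={"Auth": token},
        timeout=10,
    )
    print(req.content)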
# Run the client only when executed as a script, not when imported.
if __name__ == "__main__":
    main()
#!/usr/bin/python
# __author__="ihciah"
# Need twisted and pyopenssl
from twisted.web import resource
from twisted.web import server as webserver
from twisted.internet import reactor
from OpenSSL.SSL import Context, TLSv1_METHOD
import hmac, base64, struct, hashlib, time, os
# Base32 TOTP secret shared with the client script (its CONNECT_KEY).
# NOTE(review): this value looks like a placeholder. 16 base32 characters
# decode to 10 bytes (80 bits), and the secret is stored in the source file;
# a deployment should use a longer random secret and restrict read access.
KEY = "ABCDABCDABCDABCD"

# TCP port the TLS listener binds to.
HTTP_PORT = 23333
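class OTP:
    """Six-digit HOTP/TOTP generator and verifier (HMAC-SHA1, 30-second step).

    ``secret`` is the shared key as a base32 string; decoding is
    case-insensitive.
    """

    def __init__(self, secret):
        self.secret = secret

    def get_hotp_token(self, intervals_no):
        """Return the six-digit code for counter value *intervals_no*."""
        key = base64.b32decode(self.secret, True)
        counter = struct.pack(">Q", intervals_no)
        # bytearray indexing yields ints on both Python 2 and Python 3, which
        # avoids ord() on a byte string element.
        digest = bytearray(hmac.new(key, counter, hashlib.sha1).digest())
        # Dynamic truncation: the low nibble of the last digest byte selects
        # the 4-byte window, whose top bit is then masked off.
        offset = digest[19] & 15
        window = bytes(digest[offset:offset + 4])
        code = struct.unpack(">I", window)[0] & 0x7fffffff
        return str(code % 1000000).zfill(6)

    def get_totp_token(self, t=None):
        """Return the code for Unix time *t* (defaults to the current time).

        The default is resolved at call time. A ``t=time.time()`` default
        would be evaluated once, at class definition, which in a long-running
        server means a timestamp from process start.
        """
        if t is None:
            t = time.time()
        return self.get_hotp_token(int(t) // 30)

    def validate(self, authcode):
        """Return True when *authcode* matches the previous, current or next step.

        Candidates are compared with ``hmac.compare_digest`` so the comparison
        time does not depend on how many leading characters match. Every
        window is checked even after a match.

        NOTE(review): accepted codes are not remembered, so a code stays valid
        for repeated use until its window expires. Recording the last accepted
        time step would close that gap.
        """
        now = time.time()
        matched = False
        try:
            for skew in (-30, 0, 30):
                candidate = self.get_totp_token(now + skew)
                matched |= hmac.compare_digest(candidate, authcode)
        except TypeError:
            # compare_digest rejects None, mixed str/bytes and non-ASCII text;
            # none of those can be a valid code.
            return False
        return matched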
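class HTTPServer(resource.Resource):
    """Leaf resource that starts or stops the ``sugar`` tinc daemon.

    ``GET /start-tinc`` and ``GET /stop-tinc`` are honoured only when the
    ``Auth`` request header carries a valid TOTP code for ``KEY``. Everything
    else is answered with 403.

    NOTE(review): failed attempts are neither logged nor rate limited here. A
    six-digit code with three accepted windows can be guessed given enough
    requests, so throttling (in this process or at a firewall in front of it)
    is worth adding.
    """

    isLeaf = True

    def validate(self, authcode):
        """Return True when *authcode* is a currently valid code for KEY."""
        return OTP(KEY).validate(authcode)

    def render_GET(self, request):
        """Run the tinc command(s) for the requested path after checking auth."""
        try:
            # The command strings are fixed literals; nothing from the request
            # is passed to the shell.
            # NOTE(review): on Python 3, Twisted exposes request.uri as bytes,
            # so these str comparisons would need revisiting before a port.
            if request.uri == '/start-tinc':
                # Kill any running instance first, then start a fresh one.
                commands = ("/usr/sbin/tincd -n sugar -k",
                            "/usr/sbin/tincd -n sugar")
            elif request.uri == '/stop-tinc':
                commands = ("/usr/sbin/tincd -n sugar -k",)
            else:
                commands = ()
            if commands:
                auth = request.getHeader('Auth')
                if auth and self.validate(auth):
                    for command in commands:
                        # Exit status is ignored: "-k" fails when no daemon is
                        # running, which is expected on a cold start.
                        os.system(command)
                    return "OK!"
            request.setResponseCode(403)
            return "403 Forbidden"
        except Exception:
            # A bare "except: pass" made render_GET return None, hiding the
            # failure and leaving Twisted to produce its own error response
            # (which may include request details; confirm for the deployed
            # version). Log locally and send a generic 500 instead.
            import traceback
            traceback.print_exc()
            request.setResponseCode(500)
            return "500 Internal Server Error"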
class ContextFactory:
    """Wrap a ready-made SSL context so it can be passed to ``listenSSL``."""

    def __init__(self, context):
        # The same context object is handed out on every getContext() call.
        self.context = context

    def getContext(self):
        """Return the context supplied at construction time."""
        return self.context
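def main():
    """Serve the control resource over TLS on HTTP_PORT until the reactor stops."""
    # Imported locally so this function does not depend on the module-level
    # import list being extended.
    # NOTE(review): OP_NO_TLSv1_1 needs a pyOpenSSL/OpenSSL build that knows
    # TLS 1.1 or newer; confirm on the target host.
    from OpenSSL.SSL import (
        OP_NO_SSLv2,
        OP_NO_SSLv3,
        OP_NO_TLSv1,
        OP_NO_TLSv1_1,
        SSLv23_METHOD,
    )

    cert = "/etc/ssl/ihc/crt"
    key = "/etc/ssl/ihc/key"
    httpserver = webserver.Site(HTTPServer())
    # TLSv1_METHOD pins the listener to TLS 1.0 only. SSLv23_METHOD negotiates
    # the highest version both sides support, and the options below switch off
    # SSLv2, SSLv3, TLS 1.0 and TLS 1.1.
    context = Context(SSLv23_METHOD)
    context.set_options(OP_NO_SSLv2 | OP_NO_SSLv3 | OP_NO_TLSv1 | OP_NO_TLSv1_1)
    context.use_certificate_chain_file(cert)
    context.use_privatekey_file(key)
    reactor.listenSSL(HTTP_PORT, httpserver, ContextFactory(context))
    reactor.run()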
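if __name__ == '__main__':
    try:
        main()
    except KeyboardInterrupt:
        # Operator interrupt: exit quietly.
        pass
    except Exception:
        # A bare "except: pass" hid start-up failures such as an unreadable
        # certificate or a port already in use, so the service could fail to
        # start with no trace. Report the error and exit non-zero so a
        # supervisor can notice.
        import sys
        import traceback
        traceback.print_exc()
        sys.exit(1)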